History: Dec 28, 2009 - 7:30 p.m.

CVE-2009-4440

2009-12-28 19:30:00
CWE-362
mitre
web.nvd.nist.gov

CVSS2

Score: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 6.4
Confidence: Low

EPSS: 0.014
Percentile: 86.4%

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to “long binds,” aka Bug Ids 6828462 and 6823593.

Affected configurations

Nvd

Node
sun java_system_directory_server Match 6.0 enterprise
OR
sun java_system_directory_server Match 6.1 enterprise
OR
sun java_system_directory_server Match 6.2 enterprise
OR
sun java_system_directory_server Match 6.3 enterprise

Vendor | Product | Version | CPE
sun | java_system_directory_server | 6.0 | cpe:2.3:a:sun:java_system_directory_server:6.0:*:enterprise:*:*:*:*:*
sun | java_system_directory_server | 6.1 | cpe:2.3:a:sun:java_system_directory_server:6.1:enterprise:*:*:*:*:*:*
sun | java_system_directory_server | 6.2 | cpe:2.3:a:sun:java_system_directory_server:6.2:enterprise:*:*:*:*:*:*
sun | java_system_directory_server | 6.3 | cpe:2.3:a:sun:java_system_directory_server:6.3:enterprise:*:*:*:*:*:*
